Free and Open-Source Software: Difference between revisions
From SecurityTools
(Add line and internal link for INetSim tool suite.) |
(Change all references to "Web Fuzzer" to "Fuzzer" and change text description to "fuzzing tool") |
||
(12 intermediate revisions by the same user not shown) | |||
Line 3: | Line 3: | ||
=== A === | === A === | ||
* [[Advanced Policy Firewall]] (apf) - A [[NetFilter]] firewall command-line management tool similar to [[IPTables]] | |||
* [[Advanced Port Scanner]] - A graphical port scanner for Windows which has the capability of identifying programs running on listening ports | |||
* [[AirCrack-NG]] - A complete suite of tools to assess WiFi network security | * [[AirCrack-NG]] - A complete suite of tools to assess WiFi network security | ||
* [[Angry IP Scanner]] - A port and host scanner for Windows. | * [[Angry IP Scanner]] - A port and host scanner for Windows. | ||
Line 15: | Line 17: | ||
=== D === | === D === | ||
* [[dirb]] - A CLI [[Fuzzer|fuzzing t]]<nowiki/>[[Fuzzer|ool]] for finding hidden web objects based on dictionary attacks | |||
* [[dirb-gendict]] - A command line tool for generating dictionaries to be used with the above [[dirb]] tool | |||
* [[DirBuster JF|DirBuster]] (James Fischer) - A Java-based, [[Fuzzer|fuzzing tool]] with a graphical interface used for finding hidden URIs/web resources | |||
* [[DirBuster 1llusion|DirBuster]] (Mr1llusion) - A Python script [[Fuzzer|fuzzing tool]] used for finding hidden URIs/web resources from the command line | |||
=== E === | === E === | ||
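Review bot: The added dirb entry splits its link text across two links, `[[Fuzzer|fuzzing t]]<nowiki/>[[Fuzzer|ool]]`, which looks like visual-editor residue. Collapse it into a single `[[Fuzzer|fuzzing tool]]`, matching the two DirBuster entries added in the same hunk.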
Line 23: | Line 30: | ||
=== F === | === F === | ||
* [[ffuf - Fuzz Faster U Fool]] - A fast web fuzzer written in Go | * [[ffuf - Fuzz Faster U Fool]] - A fast web [[fuzzer]] written in Go | ||
* [[Firewall-cmd]] - The command-line client for the firewalld daemon | |||
* [[Firewall builder]] - A no-longer-maintained graphical interface to manage Netfilter/iptables, ipfw, PF, Cisco PIX, and other firewall rules | |||
* [[froggy]] - A subdomain enumeration tool | * [[froggy]] - A subdomain enumeration tool | ||
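Review bot: The ffuf entry still describes the tool as "A fast web [[fuzzer]]", while the edit summary says the description text was to become "fuzzing tool". For consistency with the dirb, DirBuster and Wfuzz entries, use `[[Fuzzer|fuzzing tool]]` here as well, or state in the summary that ffuf is intentionally left as a web fuzzer.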
Line 29: | Line 38: | ||
* [[Garud]] - An automated reconnaisance tool which enumerates a target and all sub-domains and finds low-hanging fruit | * [[Garud]] - An automated reconnaisance tool which enumerates a target and all sub-domains and finds low-hanging fruit | ||
* [[GoBuster]] - A [[Brute Forcer|brute-forcing]] tool finding for hidden URIs, cloud hosts, DNS subdomains, and more | |||
* [[Gufw]] - A graphical interface for managing [[Uncomplicated Firewall]] rules | |||
=== H === | === H === | ||
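Review bot: The new GoBuster line reads "tool finding for hidden URIs"; the words are transposed and it should read "tool for finding hidden URIs". While touching this section, the unchanged Garud line above it also misspells "reconnaissance" as "reconnaisance".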
Line 34: | Line 45: | ||
* [[Hashcat]] - A multi-operating system, high-speed password recovery tool | * [[Hashcat]] - A multi-operating system, high-speed password recovery tool | ||
* [[Hash Suite]] - A Windows-based high-performance password cracker | * [[Hash Suite]] - A Windows-based high-performance password cracker | ||
*[[httpx]] - A fast HTTP toolkit | * [[httpx]] - A fast HTTP toolkit | ||
=== I === | === I === | ||
* [[INetSim]] - A suite of tools for simulating Internet services to test network behavior of tools or unknown software | * [[INetSim]] - A suite of tools for simulating Internet services to test network behavior of tools or unknown software | ||
*[[IPTables]] - The userspace command line program used to configure | * [[IPTables]] - The userspace command line program used to configure Linux 2.4.x and later packet filtering rulesets | ||
=== J === | === J === | ||
Line 52: | Line 63: | ||
* [[L0phtCrack]] - An open-source password hash cracker | * [[L0phtCrack]] - An open-source password hash cracker | ||
*[[Lynis]] - An open-source security auditing tool for Unix-based operating systems | * [[Lynis]] - An open-source security auditing tool for Unix-based operating systems | ||
=== M === | === M === | ||
* [[Maltego|Maltego Community Edition]] - An open-source intelligence and graphical link analysis tool | * [[Maltego|Maltego Community Edition]] - An open-source intelligence and graphical link analysis tool | ||
*[[mdk3]] - A tool for exploiting common IEEE 802.11 protocol weaknesses | * [[MASSSCAN]] - An extremely high-speed port scanner. Most famously used for scanning the entire internet in mere minutes | ||
*[[Medusa]] - The massively speedy, highly parallel, modular login brute-forcing password cracker | * [[mdk3]] - A tool for exploiting common IEEE 802.11 protocol weaknesses | ||
* [[Medusa]] - The massively speedy, highly parallel, modular login brute-forcing password cracker | |||
=== N === | === N === | ||
* [[NCrack]] - A high-speed, multi-platform network authentication cracking tool | * [[NCrack]] - A high-speed, multi-platform network authentication cracking tool | ||
*[[NetStumbler]] - A Windows-based wireless network detection tool used for wardriving and WiFi mapping | * [[NetCat]] - A networking utility which reads and writes data across network connections, using the [[wikipedia:Internet_protocol_suite|TCP/IP protocol]] | ||
* [[NetStumbler]] - A Windows-based wireless network detection tool used for wardriving and WiFi mapping | |||
* [[NFTables]] - The newer [[NetFilter]] userspace program replacing [[IPTables]] for Linux firewall management | |||
* [[Nikto]] - A free command-line utility vulnerability scanner | * [[Nikto]] - A free command-line utility vulnerability scanner | ||
* [[NMap]] - A network discovery and security auditing port/host scanner | * [[NMap]] - A network discovery and security auditing port/host scanner | ||
Line 69: | Line 83: | ||
=== O === | === O === | ||
* [[OpenVAS]] - A full-featured vulnerability scanner forked from the [[Nessus]] code base in 2006 | |||
* [[ophCrack]] - An open-source Windows-password cracking program | * [[ophCrack]] - An open-source Windows-password cracking program | ||
*[[Oracle VirtualBox]] - An open-source system virtualization tool | * [[Oracle VirtualBox]] - An open-source system virtualization tool | ||
*[[OSSEC]] - A free Host Intrusion Detection System (HIDS) tool | * [[OSSEC]] - A free Host Intrusion Detection System (HIDS) tool | ||
=== P === | === P === | ||
* [[p0f]] - An open-source, passive-listening traffic fingerprinting tool for Unix-based systems | * [[p0f]] - An open-source, passive-listening traffic fingerprinting tool for Unix-based systems | ||
*[[PimpMyKali]] - A script for fixing Kali virtualized system problems | * [[PimpMyKali]] - A script for fixing Kali virtualized system problems | ||
* [[Port Authority]] - An [https://www.android.com/ Android based], high-speed scanner that allows you to quickly discover hosts on your network and will display useful network information about your device and other hosts | |||
* [[PortQry]] - A command-line port scanner which runs on Windows 2000 based servers | |||
* [[PortQryUI]] - A graphical interface the the above-listed [[PortQry]] tool | |||
* [[pwncat]] - A post-exploit tool for streamlining red team operations | * [[pwncat]] - A post-exploit tool for streamlining red team operations | ||
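Review bot: The added PortQryUI entry says "A graphical interface the the above-listed [[PortQry]] tool"; the duplicated "the" should be "for the". The Port Authority and PortQry entries would also read better hyphenated as "Android-based" and "Windows 2000-based".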
Line 87: | Line 105: | ||
=== S === | === S === | ||
* [[SMap]] - A command-line options compatible replacement for [[NMap]] powered for the [https://www.shodan.io/ Shodan] port scanning API | |||
* [[Snort|Snort (Community Ruleset)]] - A free and open-source network intrusion detection system (NIDS) and intrusion prevention system (IPS) | * [[Snort|Snort (Community Ruleset)]] - A free and open-source network intrusion detection system (NIDS) and intrusion prevention system (IPS) | ||
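Review bot: The added SMap entry says "powered for the Shodan port scanning API", which does not parse; "powered by the Shodan port scanning API" appears to be the intended wording.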
Line 92: | Line 111: | ||
* [[tcpdump]] - A powerful command-line packet analyzer | * [[tcpdump]] - A powerful command-line packet analyzer | ||
* [[TCP Port Scanner]] - An application that uses high-speed [[wikipedia:Transmission_Control_Protocol#Connection_establishment|SYN]] scanning to find open ports on a network | |||
* [[Test My Defenses]] - A free website by ZScaler to test and advise on how to improve your protection against Ransomware | |||
* [[THC-Hydra]] - A [[wikipedia:GNU_General_Public_License|GPLed]] proof-of-concept password cracking tool | * [[THC-Hydra]] - A [[wikipedia:GNU_General_Public_License|GPLed]] proof-of-concept password cracking tool | ||
=== U === | === U === | ||
* [[Uncomplicated Firewall]] (UFW) - A command-line tool for managing NetFilter firewalls, available in Ubuntu and Debian distributions | |||
=== V === | === V === | ||
=== W === | === W === | ||
* [[Wfuzz]] - A web | * [[Wfuzz]] - A [[Fuzzer|fuzzing tool]] for finding hidden web resources | ||
* [[Wireshark]] - The world’s foremost, widely-used network protocol analyzer | * [[Wireshark]] - The world’s foremost, widely-used network protocol analyzer | ||
Latest revision as of 16:01, 27 September 2023
Free and Open-Source Software (FOSS) is software that is Free Software and Open-Source Software. There is so much FOSS in the security domain that I believe this warrants its own wiki page.
A
- Advanced Policy Firewall (apf) - A NetFilter firewall command-line management tool similar to IPTables
- Advanced Port Scanner - A graphical port scanner for Windows which has the capability of identifying programs running on listening ports
- AirCrack-NG - A complete suite of tools to assess WiFi network security
- Angry IP Scanner - A port and host scanner for Windows.
- AutoRecon - A multi-threaded network reconnaissance tool intended to save time in penetration testing environments and CTFs
B
- Burp Suite Community Edition - Web Application testing software
C
- Cain and Abel - A freely available Windows password sniffer and cracker
D
- dirb - A CLI fuzzing tool for finding hidden web objects based on dictionary attacks
- dirb-gendict - A command line tool for generating dictionaries to be used with the above dirb tool
- DirBuster (James Fischer) - A Java-based fuzzing tool with a graphical interface used for finding hidden URIs/web resources
- DirBuster (Mr1llusion) - A Python script fuzzing tool used for finding hidden URIs/web resources from the command line
E
- EtherApe - A graphical network monitor and sniffer
- Ettercap - A suite of tools for Man-in-the-Middle (MITM) attacks
F
- ffuf - Fuzz Faster U Fool - A fast web fuzzer written in Go
- Firewall-cmd - The command-line client for the firewalld daemon
- Firewall builder - A no-longer-maintained graphical interface to manage Netfilter/iptables, ipfw, PF, Cisco PIX, and other firewall rules
- froggy - A subdomain enumeration tool
G
- Garud - An automated reconnaissance tool which enumerates a target and all sub-domains and finds low-hanging fruit
- GoBuster - A brute-forcing tool for finding hidden URIs, cloud hosts, DNS subdomains, and more
- Gufw - A graphical interface for managing Uncomplicated Firewall rules
H
- Hashcat - A multi-operating system, high-speed password recovery tool
- Hash Suite - A Windows-based high-performance password cracker
- httpx - A fast HTTP toolkit
I
- INetSim - A suite of tools for simulating Internet services to test network behavior of tools or unknown software
- IPTables - The userspace command line program used to configure Linux 2.4.x and later packet filtering rulesets
J
- John the Ripper - A multi-platform password cracker
K
- Kismet - A suite of tools for wireless sniffing, network and device detection, and wardriving
L
- L0phtCrack - An open-source password hash cracker
- Lynis - An open-source security auditing tool for Unix-based operating systems
M
- Maltego Community Edition - An open-source intelligence and graphical link analysis tool
- MASSSCAN - An extremely high-speed port scanner. Most famously used for scanning the entire internet in mere minutes
- mdk3 - A tool for exploiting common IEEE 802.11 protocol weaknesses
- Medusa - The massively speedy, highly parallel, modular login brute-forcing password cracker
N
- NCrack - A high-speed, multi-platform network authentication cracking tool
- NetCat - A networking utility which reads and writes data across network connections, using the TCP/IP protocol
- NetStumbler - A Windows-based wireless network detection tool used for wardriving and WiFi mapping
- NFTables - The newer NetFilter userspace program replacing IPTables for Linux firewall management
- Nikto - A free command-line utility vulnerability scanner
- NMap - A network discovery and security auditing port/host scanner
O
- OpenVAS - A full-featured vulnerability scanner forked from the Nessus code base in 2006
- ophCrack - An open-source Windows-password cracking program
- Oracle VirtualBox - An open-source system virtualization tool
- OSSEC - A free Host Intrusion Detection System (HIDS) tool
P
- p0f - An open-source, passive-listening traffic fingerprinting tool for Unix-based systems
- PimpMyKali - A script for fixing Kali virtualized system problems
- Port Authority - An Android-based, high-speed scanner that allows you to quickly discover hosts on your network and will display useful network information about your device and other hosts
- PortQry - A command-line port scanner which runs on Windows 2000-based servers
- PortQryUI - A graphical interface for the above-listed PortQry tool
- pwncat - A post-exploit tool for streamlining red team operations
Q
R
- Raccoon - An offensive security tool for reconnaissance and information gathering
S
- SMap - A replacement for NMap, compatible with its command-line options, powered by the Shodan port scanning API
- Snort (Community Ruleset) - A free and open-source network intrusion detection system (NIDS) and intrusion prevention system (IPS)
T
- tcpdump - A powerful command-line packet analyzer
- TCP Port Scanner - An application that uses high-speed SYN scanning to find open ports on a network
- Test My Defenses - A free website by ZScaler to test and advise on how to improve your protection against Ransomware
- THC-Hydra - A GPLed proof-of-concept password cracking tool
U
- Uncomplicated Firewall (UFW) - A command-line tool for managing NetFilter firewalls, available in Ubuntu and Debian distributions
V
W
- Wfuzz - A fuzzing tool for finding hidden web resources
- Wireshark - The world’s foremost, widely-used network protocol analyzer
X
Y
- Yuki Chan The Auto Pentest - A Linux-based automated penetration testing tool to audit standard security settings
Z
- Zed Attack Proxy - The world's most widely used web application scanner